[PROPOSAL] Cluster MISC-2001-001 - 45 candidates
I am proposing cluster MISC-2001-001 for review and voting by the Editorial Board.

Name: MISC-2001-001
Description: Misc. candidates announced between 1/19/2001 and 6/30/2001
Size: 45

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-1246
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1246
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010630 php breaks safe mode
Reference: URL:http://online.securityfocus.com/archive/1/194425
Reference: BID:2954
Reference: URL:http://online.securityfocus.com/bid/2954
Reference: XF:php-safemode-elevate-privileges(6787)
Reference: URL:http://www.iss.net/security_center/static/6787.php
Reference: CONFIRM:http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-1246 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: php-4.1.2 source, NEWS file, 10 Dec 2001, Version 4.1.0 states: "Fixed a bug that allowed users to spawn processes while using the 5th parameter to mail()" The 5th param to mail was added in version 4.0.5.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010630 php breaks safe mode
Reference: URL:http://online.securityfocus.com/archive/1/194425
Reference: CONFIRM:http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

Analysis
----------------
ED_PRI CAN-2001-1247 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010621 ispell update -- Immunix OS 6.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99317439131174&w=2
Reference: IMMUNIX:IMNX-2001-62-004-01
Reference: URL:http://download.immunix.org/ImmunixOS/6.2/updates/IMNX-2001-62-004-01
Reference: MANDRAKE:MDKSA-2001:058
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-058.php3
Reference: REDHAT:RHSA-2001:074
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-074.html

ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-2001-1276 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010611 man 1.5h10 + man 1.5i-4 exploits
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99227597227747&w=2
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=41805

makewhatis in the man package before 1.5i2 allows an attacker with man privileges to overwrite arbitrary files via a man page whose name contains shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-1277 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: REDHAT:RHSA-2001:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-075.html
Reference: DEBIAN:DSA-063
Reference: URL:http://www.debian.org/security/2001/dsa-063
Reference: ENGARDE:ESA-20010621-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1469.html
Reference: FREEBSD:FreeBSD-SA-01:47
Reference: URL:http://online.securityfocus.com/advisories/3446
Reference: SUSE:SuSE-SA:2001:022
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99384417013990&w=2
Reference: CONECTIVA:CLA-2001:404
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
Reference: MANDRAKE:MDKSA-2001:055
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-055.php3
Reference: IMMUNIX:IMNX-2001-70-024-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
Reference: XF:xinetd-insecure-permissions(6657)
Reference: URL:http://www.iss.net/security_center/static/6657.php
Reference: BID:2826
Reference: URL:http://online.securityfocus.com/bid/2826

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.

Analysis
----------------
ED_PRI CAN-2001-1322 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1324
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://multivac.cwru.edu/idtools/admin_idtools.tar.bz2
Reference: MISC:http://securitytracker.com/alerts/2001/Jun/1001839.html
Reference: BID:2934
Reference: URL:http://www.securityfocus.com/bid/2934

cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1324 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the CHANGES file in the distribution of idtools includes an entry dated 2001.06.27, which states "check for memory allocation failure from pathexec_env."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1327
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: TURBO:TLSA2001024
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-May/000313.html

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.

Analysis
----------------
ED_PRI CAN-2001-1327 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1328
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category:
Reference: CIAC:L-103
Reference: AUSCERT:AA-2001.03
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2001.03
Reference: SUN:00203
Reference: XF:solaris-ypbind-bo(6828)

Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-1328 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1331
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://online.securityfocus.com/advisories/3307
Reference: DEBIAN:DSA-056
Reference: URL:http://www.debian.org/security/2001/dsa-056
Reference: BID:2720
Reference: URL:http://online.securityfocus.com/bid/2720

mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.

Analysis
----------------
ED_PRI CAN-2001-1331 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1334
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010515 PHPSlash : potential vulnerability in URL blocks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=phpslash&m=99029398904419&w=2
Reference: BID:2724
Reference: URL:http://online.securityfocus.com/bid/2724

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.

Analysis
----------------
ED_PRI CAN-2001-1334 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1342
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1342
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010412 Apache Win32 8192 chars string bug
Reference: URL:http://online.securityfocus.com/archive/1/176144
Reference: BUGTRAQ:20010522 [Announce] Apache 1.3.20 Released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99054258728748&w=2
Reference: CONFIRM:http://bugs.apache.org/index.cgi/full/7522
Reference: XF:apache-server-dos(6527)
Reference: URL:http://www.iss.net/security_center/static/6527.php
Reference: BID:2740
Reference: URL:http://online.securityfocus.com/bid/2740

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (crash) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.

Analysis
----------------
ED_PRI CAN-2001-1342 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1345
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1345
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010604 Fatal flaw in BestCrypt <= v0.7 (Linux)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0005.html
Reference: CONFIRM:http://www.jetico.com/index.htm#/linux.htm
Reference: XF:bestcrypt-bctool-gain-privileges(6648)
Reference: URL:http://xforce.iss.net/static/6648.php
Reference: BID:2820
Reference: URL:http://www.securityfocus.com/bid/2820

bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program.

Analysis
----------------
ED_PRI CAN-2001-1345 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The change log includes an entry for version 0.8-2, dated 04-June-2001, which states "root access bug fixed" and credits the person who reported the problem to Bugtraq.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1349
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BINDVIEW:20010528 Unsafe Signal Handling in Sendmail
Reference: URL:http://razor.bindview.com/publish/advisories/adv_sm8120.html
Reference: BUGTRAQ:20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/187127
Reference: CONFIRM:http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html
Reference: BID:2794
Reference: URL:http://www.securityfocus.com/bid/2794

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

Analysis
----------------
ED_PRI CAN-2001-1349 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1229
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1229
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020416
Category: SF
Reference: BUGTRAQ:20010312 Icecast / Libshout remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98438880622976&w=2
Reference: CONFIRM:http://www.xiph.org/archives/icecast/0074.html
Reference: CONECTIVA:CLA-2001:387
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000387
Reference: REDHAT:RHSA-2002:063
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-063.html

Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-1229 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-CODEBASE, SF-LOC

ABSTRACTION: CD:SF-LOC suggests creating separate items for the same type of issue, if a problem appears in one version and not another. Thus the buffer overflows that were fixed in 1.3.9 are separated from those that were fixed in 1.3.10. Since Icecast and libshout are both from the same vendor, it is likely that they share a common codebase, so they are combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1230
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020416
Category: SF
Reference: BUGTRAQ:20010313 More Icecast remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98455723123298&w=2
Reference: DEBIAN:DSA-089
Reference: URL:http://www.debian.org/security/2001/dsa-089
Reference: REDHAT:RHSA-2002:063
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-063.html

Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-1230 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: CD:SF-LOC suggests creating separate items for the same type of issue, if a problem appears in one version and not another. Thus the buffer overflows that were fixed in 1.3.9 are separated from those that were fixed in 1.3.10. It is not clear whether CONECTIVA:CLA-2001:387 fixes this issue because it released patches for version 1.3.9, so the reference is not included. The advisory credits John Viega, but he reported other issues several days earlier (CAN-2001-1229). Since the Conectiva advisory was posted before the new 1.3.10 version was announced, it probably is not fixing the issues in 1.3.9.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1239
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BID:2992
Reference: URL:http://online.securityfocus.com/bid/2992

PowerNet IX allows remote attackers to cause a denial of service via a port scan.

Analysis
----------------
ED_PRI CAN-2001-1239 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1248
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2975
Reference: URL:http://online.securityfocus.com/bid/2975
Reference: XF:vwebserver-asp-reveal-source(6769)
Reference: URL:http://www.iss.net/security_center/static/6769.php

vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).

Analysis
----------------
ED_PRI CAN-2001-1248 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1249
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2978
Reference: URL:http://online.securityfocus.com/bid/2978

vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.

Analysis
----------------
ED_PRI CAN-2001-1249 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1250
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2979
Reference: URL:http://online.securityfocus.com/bid/2979
Reference: XF:vwebserver-long-url-dos(6771)
Reference: URL:http://www.iss.net/security_center/static/6771.php

vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.

Analysis
----------------
ED_PRI CAN-2001-1250 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2980
Reference: URL:http://online.securityfocus.com/bid/2980
Reference: XF:vwebserver-long-url-dos(6771)
Reference: URL:http://www.iss.net/security_center/static/6771.php

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.

Analysis
----------------
ED_PRI CAN-2001-1251 3
Vendor Acknowledgement: unknown discloser-claimed

Discloser claims "all versions vulnerable" but only lists 2.x and 3.x, not 1.x. The lowest version listed (1.204) and the highest version up to the post date (3.00 beta 8) were chosen.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010604 yet another sym link followers
Reference: URL:http://www.securityfocus.com/archive/1/188568
Reference: CERT-VN:VU#127435
Reference: URL:http://www.kb.cert.org/vuls/id/127435
Reference: CIAC:L-093
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-093.shtml
Reference: HP:HPSBUX0106-153
Reference: URL:http://online.securityfocus.com/advisories/3354
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92
Reference: XF:hpux-kmmodreg-symlink(6656)
Reference: URL:http://xforce.iss.net/static/6656.php
Reference: BID:2821
Reference: URL:http://www.securityfocus.com/bid/2821

kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.

Analysis
----------------
ED_PRI CAN-2001-1256 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

The HP:HPSBUX0106-153 is written too vaguely and does not have sufficient details to be absolutely certain that it is addressing the same issue. However, CERT VU#127435 includes a vendor statement that is the text of that advisory. The CERT VU references BID:2821, which in turn references the Bugtraq post. Thus we finally have a link from HP:HPSBUX0106-153 to the initial announcement... although HP:HPSBUX0106-153 has no references to CERT VU's or any other identifier, so this analysis can only be regarded as conclusive if CERT obtained the statement directly from HP.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010606 advisory for Pragma Interaccess
Reference: URL:http://online.securityfocus.com/archive/1/189327
Reference: BID:2834
Reference: URL:http://online.securityfocus.com/bid/2834
Reference: XF:pragma-interaccess-dos(6658)
Reference: URL:http://xforce.iss.net/static/6658.php

telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow.

Analysis
----------------
ED_PRI CAN-2001-1263 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1273
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-045
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-045.shtml
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-013.html

The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).

Analysis
----------------
ED_PRI CAN-2001-1273 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1274
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010119 Re: MySQL Overflow + exploit [ops..sent a broken exploit :P]
Reference: BUGTRAQ:20010118 Buffer overflow in MySQL < 3.23.31
Reference: BUGTRAQ:20010119 Re: MySQL < 3.23.31 Overflow [exploit]
Reference: DEBIAN:DSA-013
Reference: URL:http://www.debian.org/security/2001/dsa-013
Reference: CALDERA:CSSA-2001-006.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-006.0.txt
Reference: CONECTIVA:CLA-2001:375
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000375
Reference: FREEBSD:FreeBSD-SA-01:16
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98089552030459&w=2
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.3
Reference: MANDRAKE:MDKSA-2001:014
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-014.php3
Reference: REDHAT:RHSA-2001:003
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-003.html

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Analysis ---------------- ED_PRI CAN-2001-1274 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1275 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1275 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CALDERA:CSSA-2001-006.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-006.0.txt Reference: FREEBSD:FreeBSD-SA-01:16 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98089552030459&w=2 Reference: MANDRAKE:MDKSA-2001:014 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-014.php3 Reference: REDHAT:RHSA-2001:003 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-003.html MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking. Analysis ---------------- ED_PRI CAN-2001-1275 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1290 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1290 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010627 Active Web Classifieds failure to authenticate leads to arbitrary code execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0386.html Reference: BID:2942 Reference: URL:http://online.securityfocus.com/bid/2942 Reference: XF:active-classifieds-admin-access(6754) Reference: URL:http://xforce.iss.net/static/6754.php admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter. Analysis ---------------- ED_PRI CAN-2001-1290 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1323 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1323 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010426 Security advisory: krb5 ftpd buffer overflows Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98826223517788&w=2 Reference: IMMUNIX:IMNX-2001-70-022-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-022-01 Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftpbuf.txt Reference: REDHAT:RHSA-2001:060 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-060.html Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function. Analysis ---------------- ED_PRI CAN-2001-1323 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-CODEBASE ABSTRACTION: while this problem is very similar to the other FTP glob problems that were discovered at the same time (CAN-2001-0247 through CAN-2001-0249), the Kerberos advisory includes enough information to indicate that the problem is in a different codebase than others, in that it uses both radix_encode and ftpglob. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1325 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1325 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010420 XML scripting in IE, Outlook Express Reference: URL:http://www.securityfocus.com/archive/1/3AE02004.57FDF958@guninski.com Reference: XF:ie-xml-stylesheets-scripting(6448) Reference: URL:http://xforce.iss.net/static/6448.php Reference: BID:2633 Reference: URL:http://www.securityfocus.com/bid/2633 Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH). Analysis ---------------- ED_PRI CAN-2001-1325 3 Vendor Acknowledgement: Content Decisions: INCLUSION It is not clear from the exploit whether this is a discovery of an alternate attack vector that takes advantage of a vulnerability that was already addressed. The vulnerability reporter and vendor received differing results, as did a large number of respondents to Bugtraq. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1326 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1326 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010528 feeble.hey!dora.exploit part.II Reference: URL:http://www.securityfocus.com/archive/1/187128 Reference: BID:2796 Reference: URL:http://www.securityfocus.com/bid/2796 Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments. Analysis ---------------- ED_PRI CAN-2001-1326 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: This problem is very similar to CVE-2001-0365, but this issue affects version 5.1, whereas CVE-2001-0365 did not. Since the problems occur in different versions, CD:SF-LOC suggests a SPLIT. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1329 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1329 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010611 rsh bufferoverflow on AIX 4.2 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument. 
Analysis ---------------- ED_PRI CAN-2001-1329 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1330 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1330 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010611 rsh bufferoverflow on AIX 4.2 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument. Analysis ---------------- ED_PRI CAN-2001-1330 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1332 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1332 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CONECTIVA:CLA-2001:384 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386 Reference: CONECTIVA:CLA-2001:386 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386 Reference: MANDRAKE:MDKSA-2001:048 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-048.php3 Reference: SUSE:SuSE-SA:2002:005 Reference: URL:http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code. Analysis ---------------- ED_PRI CAN-2001-1332 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1333 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1333 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CONECTIVA:CLA-2001:384 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386 Reference: CONECTIVA:CLA-2001:386 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386 Reference: MANDRAKE:MDKSA-2001:048 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-048.php3 Reference: SUSE:SuSE-SA:2002:005 Reference: URL:http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files. Analysis ---------------- ED_PRI CAN-2001-1333 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, VAGUE The vague advisories do not make it clear whether the "insecure file handling" is due to symlink problems or not. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1335 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1335 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010527 CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html Reference: XF:cesarftp-directory-traversal(6606) Reference: URL:http://www.iss.net/security_center/static/6606.php Reference: BID:2786 Reference: URL:http://online.securityfocus.com/bid/2786 Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot). Analysis ---------------- ED_PRI CAN-2001-1335 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1336 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1336 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010527 CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html Reference: BID:2785 Reference: URL:http://online.securityfocus.com/bid/2785 Reference: XF:cesarftp-settings-plaintext-password(6608) Reference: URL:http://www.iss.net/security_center/static/6608.php CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges. Analysis ---------------- ED_PRI CAN-2001-1336 3 Vendor Acknowledgement: Content Decisions: DESIGN-WEAK-ENCRYPTION, SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1337 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1337 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010524 IPC@Chip Security Reference: URL:http://www.securityfocus.com/archive/1/186418 Reference: BID:2774 Reference: URL:http://www.securityfocus.com/bid/2774 Reference: XF:ipcchip-http-dos(6594) Reference: URL:http://www.iss.net/security_center/static/6594.php Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request. 
Analysis ---------------- ED_PRI CAN-2001-1337 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1338 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1338 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010602 IPC@Chip - Fixes Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html Reference: BUGTRAQ:20010524 IPC@Chip Security Reference: URL:http://www.securityfocus.com/archive/1/186418 Reference: CERT-VN:VU#198979 Reference: URL:http://www.kb.cert.org/vuls/id/198979 Reference: BID:2773 Reference: URL:http://www.securityfocus.com/bid/2773 Reference: XF:ipcchip-telnet-verify-account(6595) Reference: URL:http://www.iss.net/security_center/static/6595.php Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system. Analysis ---------------- ED_PRI CAN-2001-1338 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1339 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1339 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010602 IPC@Chip - Fixes Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html Reference: BUGTRAQ:20010524 IPC@Chip Security Reference: URL:http://www.securityfocus.com/archive/1/186418 Reference: CERT-VN:VU#198979 Reference: URL:http://www.kb.cert.org/vuls/id/198979 Reference: BID:2771 Reference: URL:http://www.securityfocus.com/bid/2771 Reference: XF:ipcchip-telnet-bruteforce-passwords(6605) Reference: URL:http://www.iss.net/security_center/static/6605.php Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks. Analysis ---------------- ED_PRI CAN-2001-1339 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1340 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1340 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010602 IPC@Chip - Fixes Reference: URL:http://www.securityfocus.com/archive/1/188219 Reference: BUGTRAQ:20010524 IPC@Chip Security Reference: URL:http://www.securityfocus.com/archive/1/186418 Reference: CERT-VN:VU#756019 Reference: URL:http://www.kb.cert.org/vuls/id/756019 Reference: XF:ipcchip-telnet-admin-lockout(6596) Reference: URL:http://www.iss.net/security_center/static/6596.php Reference: BID:2772 Reference: URL:http://www.securityfocus.com/bid/2772 Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service. Analysis ---------------- ED_PRI CAN-2001-1340 3 Vendor Acknowledgement: Content Decisions: CF, SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1341 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1341 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010602 IPC@Chip - Fixes Reference: URL:http://www.securityfocus.com/archive/1/188219 Reference: BUGTRAQ:20010524 IPC@Chip Security Reference: URL:http://www.securityfocus.com/archive/1/186418 Reference: CERT-VN:VU#574739 Reference: URL:http://www.kb.cert.org/vuls/id/574739 Reference: BID:2767 Reference: URL:http://www.securityfocus.com/bid/2767 Reference: XF:ipcchip-chipcfg-gain-information(6600) Reference: URL:http://www.iss.net/security_center/static/6600.php The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program. Analysis ---------------- ED_PRI CAN-2001-1341 3 Vendor Acknowledgement: Content Decisions: CF-DEFAULT Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1343 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1343 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010612 bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0142.html Reference: BID:2861 Reference: URL:http://www.securityfocus.com/bid/2861 Reference: XF:webstore-cgi-command-execution(6685) Reference: URL:http://xforce.iss.net/static/6685.php ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter. Analysis ---------------- ED_PRI CAN-2001-1343 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1344 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1344 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010612 bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0142.html Reference: BID:2860 Reference: URL:http://www.securityfocus.com/bid/2860 Reference: XF:webstore-cgi-command-execution(6685) Reference: URL:http://xforce.iss.net/static/6685.php WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot). 
Analysis ---------------- ED_PRI CAN-2001-1344 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests splitting issues of different types. In this case, the "filename that exists" is made easier by directory traversal/null character techniques, but it could still be a problem if the directory traversal issues were fixed. However, the issues are closely related. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1346 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1346 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010518 tmp-races in ARCservIT Unix Client Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0184.html Reference: BID:2748 Reference: URL:http://online.securityfocus.com/bid/2748 Reference: BID:2741 Reference: URL:http://online.securityfocus.com/bid/2741 Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp. Analysis ---------------- ED_PRI CAN-2001-1346 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1347 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1347 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010524 Elevation of privileges with debug registers on Win2K Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html Reference: XF:win2k-debug-elevate-privileges(6590) Reference: URL:http://www.iss.net/security_center/static/6590.php Reference: BID:2764 Reference: URL:http://www.securityfocus.com/bid/2764 Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes. Analysis ---------------- ED_PRI CAN-2001-1347 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1348 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1348 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010528 TWIG SQL query bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0260.html Reference: MISC:http://twig.screwdriver.net/index.php3 Reference: XF:twig-webmail-query-modification(6619) Reference: URL:http://www.iss.net/security_center/static/6619.php Reference: BID:2791 Reference: URL:http://www.securityfocus.com/bid/2791 TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter. Analysis ---------------- ED_PRI CAN-2001-1348 3 Vendor Acknowledgement: unknown vague ACKNOWLEDGEMENT: the vendor's News page contains an entry dated July 3, 2001, which states "TWIG 2.7.0 has been released, this release includes several security fixes... check the CHANGELOG for a complete list of changes." However, the CHANGELOG for 2.7.0 has no details, and indeed does not mention security at all. There is not sufficient evidence to know that the vendor fixed *these* problems. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: